This vulnerability was analyzed during Episode 163 on 31 October 2022
Improper handling of multi-line header values, specifically in handling the Transfer-Encoding header Node would parse the value up to the first new-line and not include the remaining content.
Transfer-Encoding: chunked
, identity
The value of the header should be chunked , identity, with identity indicating the body is 0 bytes. However Node will parse it as chunked so may incorrectly parse a body to the request.